Lets hear it for the honeymonkeys

Worthwhile article over at SecurityFocus on Microsoft’s HoneyMonkey project. We first heard of them one or two months ago, and its neat to see this update.
Traditionally a honeypot sits back and waits to be attacked. In the honeymonkey model, they go out and find websites, and look at the result of going to the website. Using this method they have found sites that serve up exploits, including at least one zero day. (the zero day was an exploit of the jview vulnerability patched in July).
Also interesting is the report that even a partially patched version of Windows XP Service Pack 2 blocks the lion’s share of attacks.
According to the article Microsoft plans to forward the information on these sites to law enforcement.